b"CRYPTOGRAPHIC INFRASTRUCTURE DESIGN\n\n\n\n          Audit Report No. 99-016\n             March 19, 1999\n\n\n\n\n          OFFICE OF AUDITS\n\n    OFFICE OF INSPECTOR GENERAL\n\x0cFederal Deposit Insurance Corporation                                                        Office of Audits\nWashington, D.C. 20434                                                          Office of Inspector General\n\n\n\n\n   DATE:                 March 19, 1999\n\n   TO:                   Donald C. Demitros, Director\n                         Division of Information Resources Management\n\n\n\n\n   FROM:                 David H. Loewenstein\n                         Assistant Inspector General\n\n   SUBJECT:              Cryptographic Infrastructure Design\n                         (Audit Report No. 99-016)\n\n\n   The Federal Deposit Insurance Corporation's (FDIC) Office of Inspector General (OIG) has\n   completed an audit of the design and implementation of computer-based cryptography for\n   sensitive and critical corporate data. This was the second of two audits addressing the\n   Corporation's planned use of cryptography.\n\n   Our first audit report, Implementation of Electronic Signatures to Support the Electronic Travel\n   Voucher Payment System (ETVPS) and Other Planned Applications (Audit Report Number 98-\n   052), was issued on June 30, 1998. That report focused on planning and management for\n   providing encryption and digital signature technology in support of FDIC systems and data and\n   contained three recommendations for improvements in the FDIC's methodology for developing\n   its electronic signature infrastructure. We recommended that the FDIC develop a long-range plan\n   and system architecture to bring the FDIC's electronic signature approach into full compliance\n   with government-wide standards and U.S. General Accounting Office (GAO) requirements. We\n   also recommended that the FDIC perform an alternatives and cost/benefit analysis comparing\n   available alternatives for satisfying the FDIC's electronic signature needs. In addition, we\n   recommended that the FDIC ensure that all Division of Information Resources Management\n   (DIRM) security and program managers communicate on a regular basis to share pertinent\n   information. DIRM provided a response indicating that it would address the recommendations\n   and provided documentation during this audit demonstrating its efforts, thus far, to do so. This\n   audit focused on DIRM\xe2\x80\x99s continued planning and management efforts related to encryption and\n   electronic signature issues and its implementation of this technology for low- and moderate-risk\n   application systems.\n\n   BACKGROUND\n\n   The FDIC is currently developing several major automated systems intended to reduce costs and\n   paperwork. These systems are being designed to use cryptography for secure transmission and\n   electronic approval of documents for payment or authorization purposes. Two recently\n   developed applications designed to make use of cryptography are the Performance Reports On-\n   Line System (PROS) and ETVPS.\n\x0cCryptography is the process of writing in or interpreting secret code. Effective use of public key\ncryptography provides the ability to securely exchange information with only selected recipients. A\nPublic Key Infrastructure (PKI)1 is the implementation of public key cryptography using computer\nhardware and software to establish trusted information-sharing among a select group of people.\nThis framework includes the use of electronic credentials, often called digital certificates, and the\nmanagement of public and private keys2 needed to encode and electronically sign data and to decode\nand verify the integrity of electronically signed data produced by others. With electronically signed\ndata, the recipient is assured of the signer's identity and that the signed data have not been altered.\n\nThe FDIC is currently using cryptography in two recently developed applications. The first,\nPROS, is an application designed to disseminate uniform bank, bank holding company, and\nuniform thrift performance reports to Division of Supervision and state bank examiners through\nthe FDIC Intranet and the Internet, respectively. Additionally, ETVPS is a client server3-based\napplication designed to provide a paperless method of handling travel arrangements and expense\nreimbursements.\n\nThe FDIC acquired and is implementing ENTRUST, a software product, to support its initial\nimplementation of PKI technology for low- to moderate-risk applications such as ETVPS.\n\nThe National Institute of Standards and Technology (NIST) has a core mission of promoting\neconomic growth by working with industry to develop technology, measurements, and standards.\nNIST has taken a leadership role in the development of standards for federal PKI that support\nelectronic signatures and encryption services. One of NIST\xe2\x80\x99s primary roles in this capacity is\ncoordinating the Federal Information Processing Standards (FIPS) 140-1 Security Requirements\nfor Cryptographic Modules validation program. NIST performed a cryptographic module\nvalidation (CMV) of the ENTRUST cryptographic module (CM) and assigned it a level-one\nrating when operating in FIPS-mode, the mode tested by NIST. Such a rating is the lowest on a\nscale of 1 to 4 and indicates that ENTRUST CM will provide security suitable for use within a\nsecurity system supporting low- to moderate-risk applications. However, this rating only applies\nwhen the CM is operating on a single workstation, in single-user mode, under a Microsoft\nWindows operating system.\n\nOBJECTIVES, SCOPE, AND METHODOLOGY\n\nThe objectives of this audit were to determine the adequacy of controls supporting the FDIC\xe2\x80\x99s\n(1) encryption and authentication of data transmitted during an active session on an unsecured\nexternal telecommunications network and (2) implementation of hardware and software to\nprovide initial encryption and electronic signature capabilities to support planned low- to\nmoderate-risk paperless application systems. To accomplish our audit objectives, we reviewed\n\n1\n  A set of policies, procedures, hardware, and software used to manage the public/private key pairs to provide the ability\nto digitally sign or verify signed documents and encrypt or decrypt data.\n2\n  A numeric value that, along with a cryptographic algorithm, can encrypt, decrypt, sign, and verify data.\n3\n  A computer system characterized by an information technology architecture where software is distributed to both a user\nworkstation and a network server for coordinated execution.\n                                                            2\n\x0cDIRM\xe2\x80\x99s conceptual design for providing encryption and PKI services, documentation related to\nsecurity features of hardware and software supporting the implementation of encryption and\nelectronic signature technologies, and other related documentation. We also interviewed DIRM\npersonnel, ENTRUST manufacturer representatives, ENTRUST User Group representatives, and\nofficials from NIST and GAO. We conducted the audit between April 1997 and November 1998\nin accordance with generally accepted government auditing standards.\n\nThe scope of this audit was limited to an evaluation of DIRM\xe2\x80\x99s (1) deployment of secure-\nsockets-layer (SSL)4 software to secure access to PROS; (2) deployment of ENTRUST to\nestablish an initial PKI to support ETVPS; and (3) compliance with NIST and GAO requirements\nfor carrying out these actions.\n\nRESULTS OF AUDIT\n\nDIRM implemented sufficient controls to support the use of SSL with PROS. Further, DIRM\nimplemented some of the controls needed to support use of the ENTRUST manager, admin, and\nclient components as the backbone of the FDIC PKI for low- to moderate-risk business\napplications. However, DIRM\xe2\x80\x99s system qualification testing (SQT) to ensure that functional\nrequirements were satisfied was incomplete. Further, DIRM did not ensure adequate separation\nof duties for sensitive operations by employing ENTRUST\xe2\x80\x99s multiple authorization feature. In\naddition, security for the FDIC\xe2\x80\x99s PKI operations was reduced because the database that stores\nauthenticated public-key certificates and the certificate authority that assures the authenticity of a\ndigital certificate were operating from the same hardware platform in conflict with GAO\nrequirements, which call for separate platforms. Finally, PKI internal control practices were not\nfully documented, and the FDIC's automated registration process for ENTRUST allowed the\npossibility for users to masquerade as other users.\n\nDIRM demonstrated its intent to institute corrective actions in response to our recommendations\nthroughout the audit. For example, during our review of the use of SSL with PROS, DIRM\nexpanded its testing and tightened access privileges to sensitive files. Further, DIRM expanded\nits PROS security documentation to describe how a router was being used to prevent\nunauthorized access from the Internet. In addition, DIRM substantially improved its ENTRUST\nsecurity and control documentation in response to our observations and suggestions. For\nexample, DIRM established a PKI Concept of Operations, documenting its plans for\nimplementing and operating its PKI operations, and developed an ENTRUST Installation\nDocument. DIRM also enhanced its PKI policies and procedures related to low- and moderate-\nrisk applications. Finally, DIRM committed to enhancing future controls by implementing a\nFIPS 140-1 level-three-compliant hardware certificate authority to establish a single PKI to\nsupport the FDIC\xe2\x80\x99s high-, medium-, and low-risk business applications.\n\nAppendix I contains more detail on some specific conditions noted during this audit. These\nconditions are generally described in the following sections of this report, and more details are\n\n4\n  An industry standard software-based protocol designed to provide privacy during telecommunications between two\nsites using cryptography.\n                                                         3\n\x0cpresented in appendix I due to their technical nature.\n\nENTRUST SYSTEM QUALIFICATION TESTING COULD BE IMPROVED\n\nDIRM Security had not performed thorough and complete SQT for ENTRUST. DIRM Security\nofficials indicated that SQT for ENTRUST was not necessary because the ENTRUST\ncryptographic module had undergone NIST accreditation for conformance to FIPS 140-1\nSecurity Requirements for Cryptographic Modules. Thorough and complete SQT is needed to\nensure that a system is functioning as intended and provides adequate security and controls.\n\nWe confirmed that NIST had performed FIPS 140-1 cryptographic module validation (CMV)\ntesting for ENTRUST\xe2\x80\x99s cryptographic module component. However, NIST\xe2\x80\x99s CMV testing does\nnot impact the FDIC\xe2\x80\x99s need to test ENTRUST implementation in its actual operating\nenvironment. NIST testing for ENTRUST was conducted in a laboratory setting with the\ncryptographic module running on a single, non-networked microcomputer operating in single-\nuser mode under Microsoft Windows operating systems. By contrast, the FDIC operates a series\nof local area networks connected by a wide area network and intends to use ENTRUST in a\nmulti-user mode. In addition, we noted that the NIST testing was not applied to all features of\nENTRUST, and the operating system tested differed from the Sun Solaris operating system used\nby the FDIC.\n\nThe FDIC\xe2\x80\x99s system development life cycle methodology requires SQT for all software\ndevelopment and acquisition activities to ensure that functional requirements have been\naddressed. Prudent information resources management dictates thorough testing of any complex\nprocess involving new information technology such as a PKI. Also, cryptographic algorithms,\nthe formulas that provide the basis for encryption used by the U.S. Government, must be\nsanctioned by NIST and are currently limited to three specific algorithms. Accordingly,\nENTRUST system users should not be provided the option of selecting cryptographic algorithms\nthat may not be compliant with NIST standards. Finally, any cryptographic modules used by the\nU.S. Government for conducting official business must conform to FIPS 140-1 Security\nRequirements for Cryptographic Modules as well as GAO requirements.\n\nSeveral major ENTRUST control features were not supported by evidence of SQT. Ineffective\noperation of these control features could expose the FDIC\xe2\x80\x99s related processes, data, and systems\nto increased risk of inappropriate and undetected activity. Specific examples of the major\nENTRUST control features that were not thoroughly and completely tested are listed in appendix I.\n\nWe identified four causes for DIRM\xe2\x80\x99s incomplete testing of ENTRUST. First, DIRM Security\nofficials interpreted the FIPS 140-1 CMV testing as being an all-inclusive substitute for in-house\nSQT. Second, the ENTRUST design feature that permits users to select the encryption\nalgorithms to be employed is subtle and can be overlooked. Third, ENTRUST operation in non-\nFIPS mode is a system default and the use of this system default was a design decision to\nfacilitate the use of ENTRUST with certain cryptographic hardware devices that require keys to\nbe loaded in clear text. Finally, DIRM Security\xe2\x80\x99s evaluation and testing of ENTRUST software\n\n                                                 4\n\x0cdid not identify encryption-option-method-selection and operating-in-non-FIPS-mode design\nfeatures as potential control issues.\n\nThe effect of an incomplete ENTRUST SQT is that the implemented PKI may not function as\nintended by management. As discussed earlier, the FDIC\xe2\x80\x99s planned implementation of\nENTRUST permitted users to select the cryptographic algorithm to be used. Such an option may\nresult in FDIC users employing algorithms not sanctioned by NIST to encrypt sensitive corporate\ndata. Consequently, sensitive corporate data may be subject to unauthorized disclosure because\ncryptographic algorithms selected may be weaker than NIST-sanctioned algorithms. ENTRUST\ncan be operated from either FIPS mode or non-FIPS mode. Operating ENTRUST in non-FIPS\nmode voids NIST sanctioning and reduces controls. The resultant reduction in controls could\nresult in corruption of the cryptographic module, including the certificates issued, and provide\nthe ability to export private cryptographic keys in clear text that has not been encrypted.\n\nAfter discussing these conditions with DIRM officials, DIRM agreed to perform and document\ntesting of the PKI control features discussed above, expanded the project schedule to include\nadditional testing, and provided us with a copy of the revised schedule.\n\nRecommendations\n\nWe recommend that the Director, DIRM, continue to:\n\n(1) Ensure that SQT of major PKI control features of and related to ENTRUST are performed and\n    documented to supplement the FIPS 140-1 CMV testing.\n(2) Enforce the use of only NIST-sanctioned cryptographic algorithms through ENTRUST for\n    encrypting sensitive corporate data.\n(3) Prevent system users from being able to choose the cryptographic algorithm to be used for\n    encrypting sensitive corporate data.\n(4) Ensure that the version of ENTRUST used at the FDIC operates in FIPS mode.\n\nENTRUST MULTIPLE AUTHORIZATION FEATURE NOT IN USE\n\nDIRM missed an opportunity to better control the integrity of its planned PKI operations.\nENTRUST\xe2\x80\x99s multiple authorization feature (MAF) can require the involvement of at least two\nindividuals to perform and authorize sensitive PKI operations. However, DIRM had not\nimplemented this control. Instead, this capability was set so that only one individual was\nrequired to perform and authorize sensitive PKI operations. Sensitive PKI operations include\nenabling and disabling ENTRUST security officers, administrators, and directory administrators;\nsetting default lifetimes for user cryptographic keys, certificate revocation lists, and cross-\ncertificates; and cross-certifying with other certificate authorities.\n\nPrudent PKI management requires the use of system-enforced dual control over sensitive PKI\noperations. The manufacturer of ENTRUST recommends that multiple authorizations be used\nfor sensitive PKI operations. Furthermore, GAO requirements specify the need for dual control\nwithin PKI operations.\n                                              5\n\x0cDIRM officials stated that the MAF was set to permit one person to perform these sensitive\noperations for operational efficiency. Further, even though the manufacturer recommends\nmultiple authorizations for sensitive operations, ENTRUST\xe2\x80\x99s default setting for this function is\nset to one and requires modification to provide the recommended security.\n\nA MAF setting of one provides an administrator or security officer the ability to gain access to a\nuser's ENTRUST identity without the knowledge of at least one other administrator or security\nofficer. In such an environment, the administrator or security officer can perform sensitive\nfunctions such as establishing the useful life for keys, certificates, and revocation lists. A key is\na numeric value that, along with a cryptographic algorithm, can encrypt, decrypt, sign and, verify\ndata. A certificate is a tamperproof set of data assigned to an individual for use in the encryption\nprocess. A revocation list is an electronically signed list of revoked certificates. The lifetime\nestablished for these entities determines their strength as a control feature. For example, the\nshorter a private key's lifetime, the greater the probability of it not being discovered by\nunauthorized parties.\n\nRecommendation\n\nWe recommend that the Director, DIRM, ensure that:\n\n(5) The ENTRUST multiple authorization feature be set to a minimum of two so that all sensitive\nPKI operations require the involvement of at least two individuals.\n\nTHE FDIC\xe2\x80\x99s X500 DIRECTORY AND CERTIFICATE AUTHORITY WERE\nOPERATING FROM THE SAME PLATFORM\n\nDIRM\xe2\x80\x99s installation of two major components of the PKI on one workstation reduced security\nover DIRM\xe2\x80\x99s operations. A single workstation contained both the X500 directory, used to store\nthe public keys assigned to users to ensure secure communications, and the certificate authority\n(CA) component of ENTRUST that verifies the authenticity of digital certificates created by\nusers. GAO requires that the X500 directory and CA reside on separate hardware platforms to\npreclude unnecessary network access to the CA. The manufacturer of ENTRUST also\nrecommends that the X500 directory reside on a separate hardware platform from the one\nhousing other ENTRUST software components to improve security.\n\nDIRM stored the X500 directory and other ENTRUST components on the same hardware\nplatform to enhance operational convenience and network performance. In fact, the\nmanufacturer had recommended, for earlier versions of the software, that the X500 directory\nreside on the same hardware platform as the other ENTRUST components.\n\nFrequent network access to the hardware platform to obtain certificates from the X500 directory\nincreases the risk of unauthorized access and compromise to the CA due to potential malfunction\nof operating-system-level software that governs access control. Storing the CA on a separate\nplatform significantly reduces such an exposure.\n                                                6\n\x0cRecommendation\n\nWe recommend that the Director, DIRM:\n\n(6) Require operation of the FDIC X500 directory and CA from separate hardware platforms.\n\nPKI INTERNAL CONTROL PRACTICES NOT FULLY DOCUMENTED\n\nDIRM made substantial progress in establishing control practice documentation during our audit.\nIn response to an OIG recommendation contained in our earlier audit report (98-052), DIRM\nestablished a PKI Concept of Operations. Based upon proposed recommendations during our\ncurrent audit, DIRM established an ENTRUST Installation Document and enhanced its Low-to-\nModerate Assurance Certification Policy and Practices Statement. However, documentation\ndescribing the control practices used in operating and managing the PKI remained incomplete.\nMissing or incomplete documentation included that related to access controls and other security\nfeatures, configuration management to control changes to the software, DIRM\xe2\x80\x99s registration\nprocess for assigning digital certificates to users, and descriptions of files used by the software-\nbased CA. See appendix I for a more detailed listing of the missing or incomplete\ndocumentation.\n\nA PKI must be thoroughly documented to ensure understanding by management, administration,\nand user personnel; consistency with management's intentions; and conformance to prudent\ncontrol practices. However, documentation preparation often receives lower priority than other\ndesign and implementation tasks. Because of the importance of this new technology and its\npotential impact on corporate operations, it is critical that the implemented PKI be understood,\nconsistent with management's intentions, and adequately controlled.\n\nDIRM agreed to develop the needed additional PKI control practice documentation that we\nidentified. DIRM expanded its project schedule to include such documentation requirements and\nprovided us with a copy of the revised schedule.\n\nRecommendation\n\nWe recommend that the Director, DIRM:\n\n(7)    Continue to require that complete and accurate documentation describing the control\n       practices used in operating and managing the FDIC PKI be established and maintained.\n\nAUTOMATED REGISTRATION PROCESS INCREASED OPPORTUNITIES FOR\nMASQUERADING\n\nWhen users want to use their electronic identity, it is important that the system first validate that\nidentity. DIRM\xe2\x80\x99s conceptual design for ENTRUST\xe2\x80\x99s automated registration process, however,\ncontained a limitation that could result in electronic identity compromise. Specifically, the\n                                                   7\n\x0cpotential exists for one system user to disguise himself or herself as another system user and be\nregistered to use ENTRUST as that other user. The masquerade could continue until the\nlegitimate user attempts the ENTRUST registration process.\n\nSuch \xe2\x80\x9cmasquerading\xe2\x80\x9d could occur because the proposed automated ENTRUST registration\nprocess did not link the social security number of the registering user with the Windows-NT\nlogin process. The Windows NT login process is the validation of a user\xe2\x80\x99s identity before\npermitting access to the FDIC\xe2\x80\x99s local and wide area networks. DIRM planned to register users\nunder ENTRUST by having them enter their social security number during the registration\nprocess following successful NT access but without precluding them from entering the social\nsecurity number of another. This process could increase the FDIC\xe2\x80\x99s exposure to masquerading\nbecause of the availability of user social security numbers within the FDIC, including their\ndisplay on hardcopy documents such as time sheets, leave slips, and training forms.\n\nThe effect of this condition is twofold. First, successful ENTRUST automated registration\nprocess masquerading would permit a masquerader to assume another\xe2\x80\x99s identity and send\nencrypted or signed information to other users. A masquerader would also be able to accept and\nuse encrypted and signed information sent by others to the legitimate user whose identity the\nmasquerader has assumed. Second, masquerading, regardless of duration, may permit\ninappropriate use of impacted business applications such as the ETVPS. In other words, travel\ninformation may be falsified or improperly approved and could result in fraudulent claims for\nreimbursement.\n\nDIRM agreed that this condition warranted corrective action and has agreed to modify the\nautomated registration process design to restrict a user from employing the social security\nnumber of another user to achieve successful ENTRUST registration. We, therefore, are not\nmaking any formal recommendations related to this condition.\n\nCORPORATION COMMENTS AND OIG EVALUATION\n\nOn March 4, 1999, the Director, DIRM, provided a written response to the draft report. The\nresponse is presented in Appendix II of this report. The Director, DIRM, stated that he will\ncomplete actions to address the report's findings by August 31, 1999.\n\nThe Corporation\xe2\x80\x99s response to the draft report provided the elements necessary for management\ndecisions on the report\xe2\x80\x99s recommendations. Therefore, no further response to this report is\nnecessary. Appendix III presents management\xe2\x80\x99s proposed action on our recommendations and\nshows that there is a management decision for each recommendation in this report.\n\n\n\n\n                                                 8\n\x0cAPPENDIX I                                                                      APPENDIX I\n                                DETAILS OF CONDITIONS\n\nENTRUST System Qualification Testing Could Be Improved in the Following Areas:\n\xc2\xa7 Secure Exchange Protocol and ENTRUST Session use to secure communication among the\n  ENTRUST manager, administration, and client components.\n\xc2\xa7 Sun Solaris ENTRUST platform password and other operating system level security features.\n\xc2\xa7 Non-FIPS mode operating parameter of ENTRUST. When operating in this mode, NIST\n  accreditation of the ENTRUST cryptographic module is nullified.\n\xc2\xa7 Encryption method option of ENTRUST. This option permits system users to select\n  cryptographic algorithms for encrypting sensitive corporate data that are not NIST-\n  sanctioned.\n\xc2\xa7 ENTRUST network performance.\n\n\nPKI Internal Control Practices Not Fully Documented\n\xc2\xa7 ENTRUST installation and customization documentation, in terms of (1) the International\n   Computers Limited's (ICL) X500 directory operational attribute settings governing access\n   control and shadowing, (2) Sun Solaris operating system security features used, and\n   (3) ENTRUST security policy configuration, or simply stated, the use of ENTRUST features\n   to achieve the FDIC\xe2\x80\x99s security objectives was incomplete.\n\xc2\xa7 ENTRUST and SCM software configuration management practices documentation was\n   limited to the build process employed for all multi-tiered application architecture common\n   objects. Software configuration management is an umbrella activity that controls the\n   application of changes to software.\n\xc2\xa7 Secure Communication Manager (a software component of the FDIC Multi-Tier Application\n   Manager Architecture that provides encryption and electronic signature services to business\n   applications) test documentation was incomplete.\n\xc2\xa7 Automated ENTRUST registration process (procedures followed to validate a user's identity\n   as a prerequisite to assigning them an electronic identity such as a digital certificate)\n   documentation was limited to a six-page draft of system qualification test requirements,\n   prerequisites, and scripts document.\n\xc2\xa7 High assurance certificate policy and practice statements were not yet available.\n\xc2\xa7 ENTRUST Manager file descriptions were incomplete in terms of the purpose of binary files\n   and their relationship to the software-based CA.\n\n\n\n\n                                              9\n\x0c                                                                                                    APPENDIX II\n                                         CORPORATION COMMENTS\nFDIC\nFederal Deposit Insurance Corporation\n3501 North Fairfax Drive. Arlington, VA 22226        Division of Information Resources Management\n\n\n\n\nMarch 4, 1999\n\nMEMORANDUM TO:                         David H. Loewenstein\n                                       Assistant Inspector General\n\n\n\nFROM:                                  Donald C. Demitros, Director\n                                       Division of Information Resources Management\n\nSUBJECT:                               DIRM Management Response to the Draft OIG Report Entitled,\n                                       Cryptographic Infrastructure Design (CID) Audit\n                                       (Audit Number 97-902)\n\n\nThe Division of Information Resources Management (DIRM) has reviewed the draft audit report\nand, in general, agrees with the findings and recommendations.\n\nWe would like to thank the OIG staff for working so closely with the DIRM ISS staff during the\npreparation of this report. The recommendations of the OIG on this audit has enabled DIRM to\nidentify and implement a number of corrective actions to date. Examples include DIRM\xe2\x80\x99s\nexpansion of testing and tightening of access privileges to sensitive files associated with the\nPerformance Reports On-line System (PROS) during the review of the secure-sockets-layer\n(SSL) software; expansion of PROS security documentation; and improved ENTRUST security\nand control documentation including Public Key Infrastructure (PKI) Concepts of Operation and\nENTRUST Installation documents. PKI policies and procedures were also enhanced relative to\nlow and moderate risk applications.\n\nEach of the conditions and recommendations from the draft report are identified below. DIRM\xe2\x80\x99s\nmanagement response including any corrective action is provided immediately following each\nspecific recommendation.\n\n\n\n\n                                                        10\n\x0c                                                                                       APPENDIX II\n                                CORPORATION COMMENTS\n\nENTRUST SYSTEM QUALIFICATION TESTING COULD BE IMPROVED\n\nRecommendations\n\nWe recommend that the Director, DIRM, continue to:\n\n(1) Ensure that SQT of major PKI control features of and related to ENTRUST are performed and\n    documented to supplement the FIPS 140-1 CMV testing.\n\n   Corrective Action: The Information Security Staff (ISS) is developing a comprehensive set of\n   test plans to fully test all aspects of the FDIC PKI. The former virus test lab has been modified\n   to accommodate PKI component testing. Expected completion of the testing is 6/30/99.\n\n(2) Enforce the use of only NIST-sanctioned cryptographic algorithms through ENTRUST for\n    encrypting sensitive corporate data.\n\n   Management Response: DIRM Security Policy 98-012, FDIC Encryption/Digital Signature\n   and Public Key Infrastructure (PKI) Standard published 9/29/98 states that ENTRUST\n   hardware and software is the corporate standard for encryption/digital signature and Public\n   Key Infrastructure (PKI). FDIC applications that use ENTRUST will make use of NIST-\n   sanctioned algorithms and those algorithms will be provided as the initial default selection.\n\n(3) Prevent system users from being able to choose the cryptographic algorithm to be used for\n    encrypting sensitive corporate data.\n\n   Corrective Action: FDIC organizations have a business need for secure communications\n   within the corporation and with external business partners including commercial firms, state\n   bank examiners, etc. By 8/31/1999, DIRM will prepare a policy memorandum specifying the\n   cryptographic algorithm to be used for secure internal communications and will provide this\n   algorithm as the initial default when deploying ENTRUST. Because of the need for secure\n   external communications that must use the cryptographic algorithm selected by our business\n   partners, the ability to select other than the initial default algorithm must also be made available.\n   DIRM staff, in conjunction with OIG staff, will work to identify technical alternatives to this\n   current procedure. If OIG can commit resources, DIRM proposes to conduct this identification\n   of technical alternatives, if any, by 6/30/99.\n\n(4) Ensure that the version of ENTRUST used at the FDIC operates in FIPS mode.\n\n   Corrective Action: A revised entrust.ini file which will change the ENTRUST version used at\n   the FDIC so that it will operate in FIPS mode will be distributed following testing by DIRM ISS\n   Operations. Estimated completion date 8/31/99.\n\n                                                  11\n\x0c                                                                                APPENDIX II\n                              CORPORATION COMMENTS\n\nENTRUST MULTIPLE AUTHORIZATION FEATURE NOT IN USE\n\nRecommendation\n\nWe recommend that the Director, DIRM, ensure that:\n\n(5) The ENTRUST multiple authorization feature be set to a minimum of two so that all\n    sensitive PKI operations require the involvement of at least two individuals.\n\n   Corrective Action: The ENTRUST multiple authorization feature can currently be set to a\n   minimum of two for some sensitive PKI operations. DIRM is setting this feature at a\n   minimum of two for select actions by Security Officers. In addition, DIRM will set this\n   feature for the Entrust Manager, which currently uses a software implementation that is\n   specific to three Master Users. DIRM is in the process of identifying and obtaining\n   necessary hardware required to support all remaining sensitive PKI operations. ISS is\n   currently obtaining Level 3 \xe2\x80\x93 4 hardware cryptographic modules for lab testing with our PKI.\n   The conversion to a hardware cryptographic module is predicated on the conversion of the\n   Entrust Manager from its current version (3.0c1) to version 4.X running on a Windows NT\n   server. A cost benefit analysis was conducted showing the importance of maintaining the\n   initial approach of converting from Unix to Windows NT. Estimated completion date for\n   enabling the multiple authorization feature for select Security Officers and Entrust Manager\n   actions is 6/30/99. The estimated completion date for obtaining and implementing the\n   necessary hardware and setting the multiple authorization feature on the remaining sensitive\n   PKI operations is 8/31/99.\n\nTHE FDIC\xe2\x80\x99s X500 DIRECTORY AND CERTIFICATE AUTHORITY WERE\nOPERATING FROM THE SAME PLATFORM\n\nRecommendation\n\nWe recommend that the Director, DIRM:\n\n(6) Require operation of the FDIC X500 directory and CA from separate hardware platforms.\n\n   Corrective Action: DIRM is developing procedures and guidance to require operation of the\n   FDIC X500 directory and CA from separate hardware platforms. Current estimated completion\n   date is 8/31/99.\n\n\n\n\n                                              12\n\x0c                                                                                APPENDIX II\n                              CORPORATION COMMENTS\n\nPKI INTERNAL CONTROL PRACTICES NOT FULLY DOCUMENTED\n\nRecommendation\n\nWe recommend that the Director, DIRM:\n\n(7) Continue to require that complete and accurate documentation describing the control\npractices used in operating and managing the FDIC PKI be established and maintained.\n\n   Corrective Action: DIRM ISS is in the process of updating and validating all test,\n   operation, and recovery procedures and documentation. OIG personnel will be provided\n   documentation as it is prepared. Estimated completion is 6/30/99.\n\n\nPlease address any questions to DIRM\xe2\x80\x99s Audit Liaison, Rack Campbell, on 516-1422.\n\n\ncc: Robert M. Cittadino, OICM\n    Howard Furner, OICM\n\n\n\n\n                                              13\n\x0c                                                                                                                                                            APPENDIX III\n\n                                                      MANAGEMENT RESPONSES TO RECOMMENDATIONS\n\nThe Inspector General Act of 1978, as amended, requires the OIG to report the status of management decisions on its recommendations in its semiannual reports to the\nCongress. To consider FDIC\xe2\x80\x99s responses as management decisions in accordance with the act and related guidance, several conditions are necessary. First, the response must\ndescribe for each recommendation\n\n    \xc2\xa7   the specific corrective actions already taken, if applicable;\n    \xc2\xa7   corrective actions to be taken together with the expected completion dates for their implementation; and\n    \xc2\xa7   documentation that will confirm completion of corrective actions.\n\nIf any recommendation identifies specific monetary benefits, FDIC management must state the amount agreed or disagreed with and the reasons for any disagreement. In the\ncase of questioned costs, the amount FDIC plans to disallow must be included in management\xe2\x80\x99s response.\n\nIf management does not agree that a recommendation should be implemented, it must describe why the recommendation is not considered valid.\nSecond, the OIG must determine that management\xe2\x80\x99s descriptions of (1) the course of action already taken or proposed and (2) the documentation confirming completion of\ncorrective actions are responsive to its recommendations.\n\nThis table presents the management responses that have been made on recommendations in our report and the status of management decisions. The information for\nmanagement decisions is based on management\xe2\x80\x99s written response to our report and subsequent discussions with management representatives.\n\n\n\n\n                                                                                     14\n\x0c                                                                                         Documentation That                  Management\n Rec.                                                                     Expected          Will Confirm          Monetary   Decision: Yes\nNumber        Corrective Action: Taken or Planned/Status               Completion Date      Final Action          Benefits      or No\n         The Corporation agreed with the recommendation.\n                                                                                         DIRM documented test\n  1      DIRM will perform the recommended testing of major             June 30, 1999                              None          Yes\n                                                                                               results\n         PKI control features.\n         The Corporation agreed with the recommendation.\n         DIRM will issue a policy memorandum specifiying that                                 DIRM policy\n                                                                                                                                 Yes\n  2      FDIC applications will use NIST sanctioned algorithms.        August 31, 1999      memorandum and         None\n         Such algorithms will also be provided as the initial                             system specifications\n         default selection.\n         The Corporation agreed with the recommendation.\n         DIRM will issue a policy memorandum specifying the\n         cryptographic algorithms to be used for internal\n                                                                                              DIRM policy\n         communications and will provide this algorithm as the\n  3                                                                    August 31, 1999     memorandum and          None          Yes\n         initial default when deploying ENTRUST. DIRM will\n                                                                                          alternatives analysis\n         also perform an analysis to identify alternative methods\n         for controlled use of other algorithms to facilitate secure\n         external communication with selected business partners.\n         The Corporation agreed with the recommendation.\n                                                                                         DIRM documented test\n         DIRM will test and distribute a revised entrust.ini file\n  4                                                                    August 31, 1999    results and software     None          Yes\n         that will ensure that the ENTRUST software operates in\n                                                                                          distribution records\n         FIPS mode.\n                                                                                             DIRM system\n         The Corporation agreed with the recommendation.\n                                                                                             specifications\n         DIRM will change the ENTRUST multiple authorization\n  5                                                                    August 31, 1999       supporting the        None          Yes\n         feature so that more than one individual is involved with\n                                                                                          ENTRUST multiple\n         all sensitive PKI operations.\n                                                                                          authorization feature\n         The Corporation agreed with the recommendation.                                   DIRM PKI system\n  6      DIRM will operate the X500 directory and certificate          August 31, 1999       configuration         None          Yes\n         authority from separate hardware platforms.                                        documentation\n         The Corporation agreed with the recommendation.\n         DIRM will establish complete and accurate control                                 DIRM PKI control\n  7                                                                     June 30, 1999                              None          Yes\n         practice documentation for PKI operation and                                    practice documentation\n         management.\n\n\n\n\n                                                                             15\n\x0c"